Subscription app (part 4)

hestia

Afolabi Esther

Posted on April 2, 2024


In the previous post, I set up and connected the database to the server, verified the email in the database, hashed the password, and saved the user to the DB.

In this post, I'll send back a token once the user has been saved to the DB, and I'll also create a login route.

5. Send back token

After a user has been signed up successfully, a token has to be sent back to give the user access to the application.

The token will be a jwt (json web token). This article gives a great explanation.

The token is a way of identifying who the user is on the frontend.

The token has to be created and sent to the client, and then the client will send back the token to the server with every single request made.

The token consists of three parts: the header, the payload, and the signature.

Create the token

I installed the package

npm install jsonwebtoken

Also, install the types:
npm install @types/jsonwebtoken --save-dev

[screenshot: create token]

Code explanation:

  • ln 64-70: create a const named token that generates a JWT containing the user's email and sets its expiration to 1 hour.
  • JWT_SECRET is the secret key used to sign the JWT and guarantee its integrity.
  • ln 73-83: send the token back to the user together with the user information.

Testing the code...

[screenshot: sent token]

Signing up with a new email.

Yay! I got a token and the user data.

Create login route

The login steps will be:

  • get user data from the client and find the user in the DB
  • compare the hashed password
  • send back a token

Get and find user

[screenshot: find user in db]

  • ln 94: get the user data from the request body
  • ln 96: find the user in the DB
  • ln 98-104: if there's no user, send this error

If there's no error from this step, go ahead to compare the passwords

Compare passwords

[screenshot: compare passwords]

  • ln 108: using bcryptjs to compare the password from the request body with the hashed password from the database
  • ln 110-119: if isMatch is false, send this error message

If there's no error from this step, send back a token

Send back a token

[screenshot: sending back token in login route]

Just as it's done in the sign-up route.
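The three login steps (find the user, compare the password, send back a token) as one added example; this is not the post's code. It uses a constructed in-memory array in place of the database and Node's built-in scrypt in place of bcryptjs (same compare flow, different hash), and the `issueToken` parameter is a hypothetical injection point where the sign-up route's token code would plug in. Two deliberate design choices differ from the post's route: it answers with a single generic message whether the email is unknown or the password is wrong, and it always runs one password comparison, so neither the message nor the response time reveals which emails are registered.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from 'node:crypto';

interface User {
  email: string;
  passwordHash: string;
}

// scrypt stands in for bcryptjs here. Stored form is "saltHex:hashHex".
export function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Counterpart of bcrypt.compare(): re-derive with the stored salt, compare in constant time.
export function comparePassword(password: string, stored: string): boolean {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex ?? '', 'hex');
  if (expected.length !== 32) return false;
  const actual = scryptSync(password, Buffer.from(saltHex ?? '', 'hex'), 32);
  return timingSafeEqual(actual, expected);
}

// Constructed in-memory stand-in for the users collection.
const users: User[] = [
  { email: 'alice@example.com', passwordHash: hashPassword('correct horse battery') },
];
const findUser = (email: string): User | undefined => users.find((u) => u.email === email);

// Hash of a random throwaway password: a lookup miss still costs one scrypt,
// so response time does not differ between "no such user" and "wrong password".
const DUMMY_HASH = hashPassword(randomBytes(16).toString('hex'));

export type LoginResult =
  | { status: 200; token: string; user: { email: string } }
  | { status: 400 | 401; error: string };

// issueToken is a hypothetical hook for the token code from the sign-up route.
export function login(body: unknown, issueToken: (email: string) => string): LoginResult {
  // Validate req.body instead of destructuring it blindly.
  if (typeof body !== 'object' || body === null) {
    return { status: 400, error: 'email and password are required' };
  }
  const { email, password } = body as Record<string, unknown>;
  if (typeof email !== 'string' || typeof password !== 'string') {
    return { status: 400, error: 'email and password are required' };
  }

  const user = findUser(email);
  const isMatch = comparePassword(password, user?.passwordHash ?? DUMMY_HASH);
  // One message for both failure cases.
  if (!user || !isMatch) {
    return { status: 401, error: 'Invalid email or password' };
  }
  return { status: 200, token: issueToken(user.email), user: { email: user.email } };
}
```

In an Express handler the result maps directly onto `res.status(result.status).json(result)`; keeping the logic in a plain function like this is also what makes it testable without a running server.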

Testing the API...

[screenshot: login successful]

  • create another post request named "login" (simply duplicate the sign-up request)
  • put in the appropriate URL
  • in the body, put in the email and password of an existing user

Login was successful, and a token was returned.

Checking what happens if I use an incorrect password:

[screenshot: incorrect password]

In the next post, I'll create a check authentication middleware that extracts and verifies the token (gotten from the client) to get the user information.
